By Mark Jewell/Associated Press
The TJX Cos. Inc. faces federal lawsuits in five additional states over a
data theft that exposed at least 45 million credit and debit cards to
potential fraud, according to a regulatory filing Thursday by the owner of
stores including T.J. Maxx and Marshalls.
A quarterly filing said TJX was named in nine new lawsuits filed since the
Framingham-based company's March 28 update on a theft believed to be the
largest in the U.S. based on the number of customer records compromised.
Thursday's filing with the Securities and Exchange Commission says
complaints seeking class-action designation on behalf of customers were
filed in April and May in the federal courts of five additional states:
Illinois, Michigan, Missouri, Ohio and Texas.
Three new lawsuits were filed over the past two months in Massachusetts,
where cases had previously been brought earlier in the year. The March 28
filing had listed more than a dozen lawsuits in Alabama, California,
Massachusetts, Puerto Rico and six Canadian provinces. The Massachusetts
cases against TJX have been consolidated.
In addition to listing TJX as a defendant, some of the lawsuits also name
Cincinnati-based Fifth Third Bancorp, which processed some payment card
transactions for TJX.
TJX said in Thursday's filing that it "intends to defend all of these
actions vigorously," and Fifth Third has said it believes there are
"substantial defenses" against the claims it faces.
Most of the complaints have been filed by TJX customers whose personal data
was stolen. But some have been brought by financial institutions saddled
with costs to replace cards and cover fraudulent charges tied to the theft.
In April, bank associations in Massachusetts, Connecticut and Maine sued
TJX, the owner of nearly 2,500 discount stores.
TJX disclosed the breach on Jan. 17, and said March 28 that one or more
intruders unearthed data from at least 45.7 million credit and debit cards
from transactions as long ago as early 2003. Independent organizations that
track data thefts say the TJX case is believed to be the largest in the
U.S. based on the number of customer records compromised.
TJX says about three-quarters of the 45.7 million cards had either expired
by the time of the theft, or the stolen information didn't include security
code data from the cards' magnetic stripes. However, TJX also has said the
intruders could have tapped the unencrypted flow of information to card
issuers as customers checked out with their credit cards.
The only arrests so far have come in Florida, where 10 people who aren't
believed to be the TJX hackers are accused of using stolen TJX customer
data to buy Wal-Mart gift cards.
Last month, TJX said its first-quarter profit dipped 1 percent, in part due
to a $12 million after-tax charge from costs related to the theft.
Nevertheless, TJX reported a 6 percent increase in revenue as customer
traffic remained strong despite negative publicity about the theft.
On Thursday, TJX said sales at stores open at least a year rose 5 percent.
Shares of TJX fell 77 cents, or about 2.7 percent, to close at $27.74,
after the May sales report and before TJX's SEC filing.
Besides its T.J. Maxx and Marshalls stores, TJX operates HomeGoods, A.J.
Wright and Bob's Stores in the United States, Winners and HomeSense stores
in Canada, and T.K. Maxx stores in Europe.
Original content available for non-commercial use under a Creative
Commons license, except where noted.
Copyright 2006-2007 GateHouse Media, Inc. Some Rights Reserved.